Zones: PLC placement and controls: What protection mechanisms should be used between a PLC and a network?

Options:

Option A: No special protection is used for the PLC.
Option B: Use a restricted access network zone for the PLC.
Option C: Use encrypted communications for the PLC.
Option D: Use a custom FSM wrapper for the PLC input.
Option E: Do not connect the PLC to the network.
Option F: Use a digital diode to exfiltrate PLC data.

Decision:

The suggested approach follows:

Consequence: High
Approach:
    IF no communication is required to the PLC,
    THEN Do not connect the PLC to the network.
    OTHERWISE
    IF data from the PLC is required,
    THEN Use a digital diode to exfiltrate PLC data.
    IF external control of the PLC is required,
    THEN Use a custom FSM wrapper for the PLC input.
    ALSO Use all applicable methods from Medium.

Consequence: Medium
Approach:
    IF the PLC interaction rate allows for encryption AND encryption does not interfere with an FSM wrapper,
    THEN Use encrypted communications for the PLC.
    IF a restricted network zone for PLC operations is in place in the enterprise,
    THEN Use a restricted access network zone for the PLC.

Consequence: Low
Approach:
    No special protection is used for the PLC.

Hardening approaches to endpoints

Basis:

Encryption: Encryption takes substantial time. For a PLC that has to interact
in real time with feedback times on the order of microseconds,
encryption is in most cases not fast enough to allow both the necessary
PLC computations and the encryption to complete in time to meet the
demands of the control signal timing.

Restricted access network zone: Such a zone
reduces the sources that can be used to directly influence and observe
PLC inputs and outputs. When such a zone is available, it should be
used unless there is a reason not to use it.

Use a custom FSM wrapper for the PLC input: A
custom FSM for the input of a PLC provides a means by which all inputs
can be checked for validity in the context of the expected machine
state. This provides a high degree of certainty that unauthorized and
unanticipated input sequences cannot appear at the PLC input.
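An added illustration of the FSM wrapper idea (example code written for this page, not the site's own or any vendor's implementation): the wrapper holds a model of the expected machine state and only forwards a command to the PLC when that command is permitted in the current state and its argument is within range; everything else is dropped and recorded. The states (IDLE, RUNNING, FAULT), commands and the 0..100 speed limit are constructed for the example.

```python
"""Added example (not from the original page): a minimal FSM input wrapper
that sits in front of a PLC and only forwards commands that are valid in
the current machine state.  States, commands and limits are constructed."""
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Optional, Tuple

# Allowed transitions: (current state, command) -> next state.
# Any (state, command) pair absent from this table is rejected.
TRANSITIONS: Dict[Tuple[str, str], str] = {
    ("IDLE", "START"): "RUNNING",
    ("RUNNING", "SET_SPEED"): "RUNNING",
    ("RUNNING", "STOP"): "IDLE",
    ("RUNNING", "ESTOP"): "FAULT",
    ("IDLE", "ESTOP"): "FAULT",
    ("FAULT", "RESET"): "IDLE",
}


def _speed_ok(arg: Optional[int]) -> bool:
    # Constructed range check: speed setpoint must be an integer 0..100.
    return isinstance(arg, int) and 0 <= arg <= 100


# Per-command argument validators; commands without an entry take no argument check.
VALIDATORS: Dict[str, Callable[[Optional[int]], bool]] = {
    "SET_SPEED": _speed_ok,
}


@dataclass
class Command:
    name: str
    arg: Optional[int] = None


@dataclass
class FsmWrapper:
    state: str = "IDLE"
    # Commands that were passed through to the PLC.
    forwarded: List[Command] = field(default_factory=list)
    # (state at the time, command, reason) for everything that was dropped.
    rejected: List[Tuple[str, Command, str]] = field(default_factory=list)

    def handle(self, cmd: Command) -> bool:
        """Forward cmd to the PLC only if it is valid in the current state."""
        key = (self.state, cmd.name)
        if key not in TRANSITIONS:
            self.rejected.append((self.state, cmd, "not allowed in state"))
            return False
        check = VALIDATORS.get(cmd.name)
        if check is not None and not check(cmd.arg):
            self.rejected.append((self.state, cmd, "argument out of range"))
            return False
        self.forwarded.append(cmd)
        self.state = TRANSITIONS[key]
        return True


def run_sequence(cmds: List[Command]) -> FsmWrapper:
    """Feed a whole command sequence through a fresh wrapper and return it."""
    w = FsmWrapper()
    for c in cmds:
        w.handle(c)
    return w


# Constructed input: one valid run interleaved with out-of-state and
# out-of-range commands that the wrapper must keep away from the PLC.
SAMPLE = [
    Command("SET_SPEED", 50),   # rejected: machine is IDLE, not RUNNING
    Command("START"),
    Command("SET_SPEED", 50),
    Command("SET_SPEED", 500),  # rejected: out of range
    Command("RESET"),           # rejected: only valid from FAULT
    Command("STOP"),
]

if __name__ == "__main__":
    w = run_sequence(SAMPLE)
    print("forwarded:", [c.name for c in w.forwarded])
    print("rejected:", [(s, c.name, r) for s, c, r in w.rejected])
    print("final state:", w.state)
```

The wrapper's own state model, not the attacker's input, decides what is valid, which is what gives the "high degree of certainty" the basis text refers to: a command sequence the model never anticipated has no transition and simply never reaches the PLC. In a real deployment the rejected list would feed a monitoring channel, since a burst of out-of-state commands is itself a useful signal.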

Use a digital diode to exfiltrate PLC data: A
digital diode can be used to prevent output channels from being used
for input to a high degree of certainty. This will normally require
protocol alterations, such as TCP to UDP and UDP to TCP proxies on
sending and receiving sides of the diode in order to interface with
technologies that depend on 2-way transport.
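The protocol alteration the diode forces can be made concrete with an added example (written for this page, not code from the site or from any diode vendor): the sending-side proxy turns a TCP byte stream into numbered, checksummed datagrams, and the receiving-side proxy rebuilds the stream and reports loss locally, because no acknowledgement or retransmission request can ever cross the diode. The header layout, the 1200-byte datagram limit and the sample data are constructed choices; real sockets are omitted so the framing logic runs offline.

```python
"""Added example (not from the original page): one-way framing for a
digital-diode crossing.  The send side frames a stream into datagrams,
the receive side reassembles and detects loss or corruption without any
return path.  Header layout and datagram size are constructed choices."""
import struct
import zlib
from typing import Dict, List, Tuple

# stream id, sequence number, total datagrams, payload length, CRC32 of payload
HEADER = struct.Struct("!IIIHI")
PAYLOAD_MAX = 1200  # constructed: keep each datagram well under a typical MTU


def frame_stream(stream_id: int, data: bytes, chunk: int = PAYLOAD_MAX) -> List[bytes]:
    """Sending-side proxy: split a TCP byte stream into self-describing datagrams."""
    offsets = list(range(0, len(data), chunk))
    total = len(offsets)
    out = []
    for seq, off in enumerate(offsets):
        part = data[off:off + chunk]
        out.append(HEADER.pack(stream_id, seq, total, len(part), zlib.crc32(part)) + part)
    return out


def reassemble(datagrams: List[bytes]) -> Tuple[bytes, List[int], int]:
    """Receiving-side proxy: rebuild the stream from whatever datagrams arrived.

    Returns (data, missing_seqs, corrupt_count).  Missing sequence numbers can
    only be reported (logged, alarmed); they cannot be requested again, since
    the diode permits no traffic back toward the PLC side.
    """
    parts: Dict[int, bytes] = {}
    total = None
    corrupt = 0
    for dg in datagrams:
        if len(dg) < HEADER.size:
            corrupt += 1
            continue
        _sid, seq, dg_total, length, crc = HEADER.unpack_from(dg)
        payload = dg[HEADER.size:]
        if len(payload) != length or zlib.crc32(payload) != crc:
            corrupt += 1  # damaged in transit; header cannot be trusted either
            continue
        total = dg_total if total is None else total
        parts.setdefault(seq, payload)  # duplicates are harmless, keep the first
    if total is None:
        return b"", [], corrupt
    missing = [s for s in range(total) if s not in parts]
    data = b"".join(parts[s] for s in sorted(parts))
    return data, missing, corrupt


# Constructed sample stream: 2560 bytes, which frames into 3 datagrams.
SAMPLE_DATA = bytes(range(256)) * 10

if __name__ == "__main__":
    dgs = frame_stream(7, SAMPLE_DATA)
    ok = reassemble(dgs)
    lost = reassemble([dgs[0], dgs[2]])            # middle datagram never arrived
    damaged = dgs[2][:-1] + bytes([dgs[2][-1] ^ 0xFF])
    bad = reassemble([dgs[0], damaged])            # one lost, one corrupted
    print("intact:", ok[0] == SAMPLE_DATA, ok[1], ok[2])
    print("one lost:", len(lost[0]), "bytes, missing", lost[1])
    print("lost+corrupt:", len(bad[0]), "bytes, missing", bad[1], "corrupt", bad[2])
```

Carrying the total datagram count in every header is what lets the receiver notice a lost tail; with sequence numbers alone a stream whose last datagrams vanished would look complete. The same property that makes the diode valuable, no path back to the PLC network, is what pushes all loss handling onto the receiving proxy, so its gap report belongs in monitoring rather than being silently tolerated.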

Do not connect the PLC to the network: When
the situation has consequences too high to risk a network connection,
the PLC should be run in an isolated manner.